2. Phishing Scams
Phishing scams (alternately known as imposter scams) involve an attacker pretending to be someone else in the hopes of convincing you to give up specific information—a credit card number, a password, your mother’s maiden name. Phishing scams are often the prelude to identity theft.
Phishing relies on the attacker gaining your trust. An email purporting to be from your bank or your utility provider may look a lot like the real thing. One especially nefarious and popular form of the attack is to email you a fake, outrageously high bill for services. When you click the link to try to figure out why the balance due is so high, in your panic you fail to notice the signs that it isn’t real, including any misspelled words, broken images, or suspicious email addresses or links. By then it’s too late: You’ve already given over a password or financial information, and the hacker is off to the races.
Phishing can also take place over the phone, on social media, or in person. For example, a scammer could show up at your front door in a uniform claiming to be from your alarm company and looking to perform an upgrade. In reality, the person is there to snag your home security system’s PIN.
How to Avoid Phishing
Email is the most common avenue for phishing attacks, so your best defenses are a strong third-party anti-spam system (from a provider such as Norton or Kaspersky) and resolute suspicion when it comes to filling out online forms. “Check your sources,” says Tom Patterson, chief trust officer of Unisys, a global IT firm. “No longer can you trust that link from your family, friends, or co-workers with important-sounding names and impressive-looking logos.” Some paid antivirus programs also include web browser protections that can help detect whether a site is legitimate.
On the phone, if you pick up a call from someone who sounds suspicious or is requesting personal data, take down their information—name, affiliation, reason for calling, and number—and ask to call them back. You can look up the number online to ensure the caller is legitimate and that the number provided is correct before proceeding. Never share information over the phone unless you have called the company directly. Companies should never call and ask for your credit card information or personal details.
3. Ransomware
Have you ever had a message pop up on your computer screen warning you that your system has been hacked—and the only way to fix it is to send money (often bitcoin) to a certain account? This is an increasingly popular scam known as ransomware, wherein an attacker holds your system ransom until you pay up. In some cases, your files have been encrypted, and you’ll have to buy a key code to unlock them.
The first thing to know is that, in many cases, ransomware attacks are bogus. The pop-up message claiming that your system has been hacked may simply be a virulent advertisement. Nothing has actually been done to your device; however, the pop-up is still a sign of a possible malware infection and should be dealt with quickly. Running a simple anti-malware application such as Malwarebytes can often clear this up.
If you’ve genuinely been attacked and your files have been encrypted, experts are divided on whether you should pay the ransom. One expert estimates that criminals come through with the key 70 percent of the time after receiving payment. However, your payment also marks you as a potential gold mine, which means they could instead request even more cash with no intention of ever freeing your files.
How to Prevent Ransomware Attacks
The best defenses? Strong anti-malware software, kept up to date, plus daily backups of your critical files. Cloud storage providers such as OneDrive and Dropbox make online backups easy and are arguably safer than using an external hard drive, which can also become infected by malware or encrypted by ransomware.
4. Phone Scams
Although internet fraud tends to get more attention, the phone is the number-one way people report being contacted by scammers, according to the FTC. Three out of every four scams reported to the Federal Trade Commission in 2019 used phone calls, and unwanted calls are the Federal Communications Commission’s top consumer complaint.
Phone scams have existed for decades, but in recent years they have evolved. No longer does a resolute criminal have to dial potential victim after victim and make a series of attempts to talk you out of your cash. Now a computer does the heavy lifting. Autodialers—the devices or programs that make robocalls—can send thousands of pre-recorded messages to victims, hoping that one or more of them sticks. The variations are endless: The IRS is investigating you. Your bank account has been seized. There’s a warrant out for your arrest. And most amusingly, your Social Security number has been suspended (which isn’t possible).
Increasingly, phone-based attacks can take the form of text messages or strange voice mails that appear after one ring or none at all. The goal, as with robocalls, is to trick you into calling them back.
How to Prevent Phone Scams
All of these attacks prey on people’s fears. They rely on people panicking and supplying bank or credit card information in a bid to quickly resolve a problem that doesn’t exist. Blocking these numbers—which are often spoofed and changed with each call—is usually ineffective, and attempting to “opt out” by telling a caller to stop or pressing a certain key on your phone as directed may mark you to receive more calls, not fewer.
The best defense is to ensure all your numbers are current on the National Do Not Call Registry and to ignore calls from any number you don’t recognize. (After all, if it’s important, they’ll leave a message.) You can also try one of the many call-blocking apps that are available.
5. Phony Prizes and Lotteries
Congratulations, you’re a winner! The prospect of getting free stuff is effective—consumers lost $121 million to these scams in 2019, the FTC report shows. How do you lose money when you’ve been promised winnings? The trick is usually that you have to pay some kind of fee to collect your prize—say, to cover taxes or shipping for that new car that’s (not) on the way.
A more modern spin on the scam involves sending you a counterfeit check for more than the amount you “won.” The scammer tells you to deposit the check and wire back the overage, because they trust you won’t try to keep the excess. Only once the wire has cleared does your bank realize the check is fake, leaving you with a deficit. In most states, you are responsible for the losses, and your account will be debited accordingly. The bottom line: Never deposit a check from someone you don’t fully trust.
How to Avoid Phony Prizes and Lotteries
To be safe, toss all junk mail unopened and install a reliable spam filter on your computer. Your bank can help advise you if a check you received is legitimate. A “cleared” check doesn’t actually mean it’s real: It can take a bank weeks to determine a check is fake. If there’s any suspicion at all, pros suggest waiting a full 30 days before drawing funds against a deposited check.